PHP 7.2 Warning: "Cannot change session name when session is active"

I have done a bug report at php.net and they explained that this is not a bug. Yes in PHP 7.2 a warning is generated now. However this never worked as intended, it just failed silently.

For creating multiple sessions it is required to use session_id(). Have a look at this related question: PHP How can I create multiple sessions?

session_name() as well as session_set_cookie_params() are always nonesense if the session is already running.

For the original answer have a look here: https://bugs.php.net/bug.php?id=75650&thanks=2


TLDR: if the session exists, use setcookie(session_name(), session_id(), ...) else use session_set_cookie_params(...)

https://www.php.net/manual/en/function.session-set-cookie-params.php#100657

As PHP's Session Control does not handle session lifetimes correctly when using session_set_cookie_params(), we need to do something in order to change the session expiry time every time the user visits our site. So, here's the problem.

<?php
  $lifetime=600;
  session_set_cookie_params($lifetime);
  session_start();
?>

This code doesn't change the lifetime of the session when the user gets back at our site or refreshes the page. The session WILL expire after $lifetime seconds, no matter how many times the user requests the page. So we just overwrite the session cookie as follows:

<?php
  $lifetime=600;
  session_start();
  setcookie(session_name(),session_id(),time()+$lifetime);
?>

And now we have the same session cookie with the lifetime set to the proper value.

My solution:

Originally:

        $cookieParams = session_get_cookie_params();

        session_set_cookie_params(
            $seconds,
            $cookieParams['path'],
            $cookieParams['domain'],
            $cookieParams['secure']
            );

Now:

        if(isset($_SESSION)) {
            if ($seconds != 0) {
                setcookie(session_name(), session_id(), time() + $seconds);
            } else {
                setcookie(session_name(), session_id(), $seconds);
            }
        } else {
            $cookieParams = session_get_cookie_params();

            session_set_cookie_params(
                $seconds,
                $cookieParams['path'],
                $cookieParams['domain'],
                $cookieParams['secure']
            );
        }

I had a similar problem but finally found a way through. The code below was my first approach that gave me errors.

static function startmysession($lifetime, $path, $domain, $secure, $httponly){

    session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly);
    session_regenerate_id(true);

    if(!isset($_SESSION)){
        session_start();
    }
}

Now Earlier versions of php overlooked our mistake(We were practically renaming and giving a session that already exists properties which is very wrong. So how did i solve this problem?

static function startmysession($lifetime, $path, $domain, $secure, $httponly){      
    if(!isset($_SESSION)){  
         session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly);
         @session_regenerate_id(true);    
             session_start();
         }    
    }

I now bound the session_set_cookie_params() just before session start and I test if the session already exists before doing so.

Tags:

Php

Cookies

Session

Php 7.2

Recent Posts